Atty Docket: IDF 2396 (4000-12300) Patent 
Listing of the Claims: 

1. (Currently Amended) A system for controlling access to computing resources within an
enterprise comprising:

a web server and a web security agent controlling access to Uniform Resource Locators 
(URLs); 

a security gatekeeper and an access server controlling access to Application 
Programming Interfaces (APIs); and 

a core security framework used by both the web server and web security agent and by
both the security gatekeeper and the access server to store security data and
policies and approve or deny requests for access to URLs and APIs, wherein the
security gatekeeper sends a data request made by a user with security-related
information to the core security framework to authenticate the user and to
authorize the user, wherein the core security framework informs the security
gatekeeper whether the user has been authenticated and authorized, wherein the
security gatekeeper forwards the data request to the access server when the
security gatekeeper is informed that the user has been authenticated and
authorized, and wherein the access server provides the user with the requested data.

2. (Original) The system of claim 1 wherein the access server is a Simple Object Access
Protocol (SOAP) server.

3. (Original) The system of claim 1 wherein the core security framework comprises a policy
store, a data store, and a policy server.

4. (Original) The system of claim 3 wherein the data store is a relational database.

5. (Original) The system of claim 3 wherein the data store is a directory. 

6. (Original) The system of claim 1 wherein, upon the core security framework approving a
request for access to an API, the core security framework creates a session token and attaches
the session token to the approved request, the session token providing access to the API for
the duration of a session.

7. (Original) A system for communication between two independent computing domains
comprising:

a security gatekeeper within the second domain to intercept an invocation from the first 
domain to an API in the second domain; 

a core security framework coupled to the security gatekeeper wherein the security 
gatekeeper sends security-related information in the invocation to the core 
security framework, the core security framework authenticates an entity making 
the invocation and authorizes the entity to invoke the API, and the core security 
framework informs the security gatekeeper that the entity making the invocation 
has been authenticated and authorized; and 

an access server coupled to the security gatekeeper wherein the security gatekeeper 
informs the access server that the entity making the invocation has been 
authenticated and authorized and the access server provides the entity making the 
invocation with access to the API; 

wherein the core security framework is also used to control access to URLs within the 
second domain. 

8. (Original) The system of claim 7 wherein the core security framework comprises a policy
store, a data store, and a policy server.

9. (Original) The system of claim 8 wherein the data store is a relational database. 

10. (Original) The system of claim 8 wherein the data store is a directory. 
11. (Original) The system of claim 7 wherein a session token is created that provides an entity
invoking an API with access to the API for the duration of a session. 



12. (Original) The system of claim 7 wherein communications between the first domain and the
second domain are in a format compliant with SOAP.

13. (Original) The system of claim 12 wherein the security gatekeeper intercepts all data
transmissions from the first domain to the second domain that are in the SOAP format.

14. (Original) The system of claim 7 wherein the API invocation from the first domain is a request
to authenticate and authorize a user within the second domain seeking access to data within
the first domain.
15. (Original) A method of communicating between two independent computing domains
comprising:

a user within the first domain sending to the second domain a SOAP-compliant data
request that also contains security-related information;

a security gatekeeper within the second domain intercepting the data request;

the security gatekeeper sending the data request to a core security framework within the
second domain;

the core security framework using the security-related information in the data request to 
authenticate the user and authorize the user to retrieve the requested data; 

the core security framework returning the data request to the security gatekeeper and 
informing the security gatekeeper that the user has been authenticated and 
authorized; 

the security gatekeeper sending the data request to a SOAP server and informing the 
SOAP server that the user has been authenticated and authorized; and 

the SOAP server providing the user with access to the requested data; 

wherein the core security framework is also used to control access to URLs within the 
second domain. 



16. (Original) The method of claim 15 wherein the data request is a request for access to an API
within the second domain.

17. (Original) The method of claim 15 wherein the core security framework comprises a policy
store, a data store, and a policy server.

18. (Original) The method of claim 17 wherein the data store is a relational database.

19. (Original) The method of claim 17 wherein the data store is a directory.

20. (Original) The method of claim 15 wherein a session token is created that provides the user
with access to the requested data for the duration of the session.

21. (Original) The method of claim 15 wherein data requests from the user and data returned to
the user are in a format compliant with SOAP.

22. (Original) The method of claim 21 wherein all data transmissions from the first domain to the
second domain that are in the SOAP format are intercepted by the security gatekeeper.

23. (Original) The method of claim 15 wherein the data request from the first domain is a request
to authenticate and authorize a user within the second domain seeking access to data within
the first domain.
24. (Original) A method for a user within a first enterprise to gain access to data within a second
enterprise comprising:

the user logging in to a secure computing domain within the first enterprise;
the user requesting data from the second enterprise;
the first enterprise adding security information to the data request and sending the data
request and security information to the second enterprise;
a security gatekeeper within the second enterprise intercepting the security information;
the security gatekeeper sending the security information to a core security framework
within the second enterprise;
the second enterprise's core security framework approving or denying the user's access
to the requested data based on the security information; and
upon approval, the second enterprise sending the requested data to the user.

25. (Original) The method of claim 24 wherein the security information added to the data request
is the user ID and password used by the user to log in to the secure computing domain within
the first enterprise.

26. (Original) The method of claim 24 wherein the security information added to the data request
is a token agreed upon by the two enterprises to designate a legitimate data request from the
first enterprise to the second enterprise.

27. (Original) The method of claim 24 wherein data requests from the user and data returned to
the user are in a format compliant with SOAP.

28. (Original) The method of claim 24 wherein the data request comprises the selection of a
hyperlink on a secure web site within the first enterprise that links to a secure web site hosted
by the second enterprise.
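The gatekeeper flow of claims 15 and 24, with the two credential forms of claims 25 and 26 and the session token of claims 6, 11 and 20, as an added example in Python. This is illustration code written for this page, not code from the patent: the SOAP header namespace and layout, the token format (principal, expiry and an HMAC over both), the PBKDF2 password store, the user alice, the partner secret and the served data are all assumptions the claims do not make. It goes slightly beyond the claims in that the access server re-verifies the session token itself, so a request that reaches it without passing the gatekeeper is refused.

```python
"""Added example, not code from the patent: a security gatekeeper in front of a
SOAP access server, backed by a core security framework that authenticates,
authorizes and mints a session token (claims 15, 20, 24-26).  Namespaces, token
layout, users, policies and served data are all constructed for this demo."""
import hashlib, hmac, os, secrets, time
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SEC_NS, API_NS = "urn:example:security", "urn:example:api"   # assumed namespaces
NS = {"s": SOAP_NS, "sec": SEC_NS}
DATA = {"getAccountBalance": "balance=1234.56", "getAuditLog": "3 events"}  # served data
pbkdf = lambda pw, salt: hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
local = lambda tag: tag.rsplit("}", 1)[-1]        # '{ns}name' -> 'name'


class CoreSecurityFramework:
    # Policy store, data store and policy server (claim 17), all in memory.
    def __init__(self, partner_tokens):
        self.session_key = secrets.token_bytes(32)
        self.partner_tokens = partner_tokens      # claim 26: partner -> (token, roles)
        self.data_store = {}                      # user -> (salt, pbkdf2 digest, roles)
        self.policy_store = {"getAccountBalance": {"analyst", "admin"},
                             "getAuditLog": {"admin"}}

    def add_user(self, name, password, roles):
        salt = os.urandom(16)
        self.data_store[name] = (salt, pbkdf(password, salt), set(roles))

    def authenticate(self, sec):
        # (principal, roles) or None; user ID + password (claim 25) or agreed token (claim 26)
        if "partner_token" in sec:
            for partner, (token, roles) in self.partner_tokens.items():
                if hmac.compare_digest(token.encode(), sec["partner_token"].encode()):
                    return f"partner:{partner}", roles
            return None
        salt, digest, roles = self.data_store.get(sec.get("user", ""), (b"", b"", set()))
        if digest and hmac.compare_digest(pbkdf(sec.get("password", ""), salt), digest):
            return sec["user"], roles
        return None

    def authorize(self, roles, api):
        return bool(roles & self.policy_store.get(api, set()))

    def create_session(self, principal, ttl=900):
        # Session token (claim 20): principal|expiry|HMAC(session_key, principal|expiry)
        msg = f"{principal}|{int(time.time()) + ttl}"
        return msg + "|" + hmac.new(self.session_key, msg.encode(), "sha256").hexdigest()

    def check_session(self, token):
        try:
            principal, exp, mac = token.split("|")
            good = hmac.new(self.session_key, f"{principal}|{exp}".encode(), "sha256").hexdigest()
            if hmac.compare_digest(mac.encode(), good.encode()) and int(exp) > time.time():
                return principal
        except ValueError:
            pass
        return None


def access_server(csf, api, session_token):
    # The SOAP server: serves data only against a session token the framework verifies.
    principal = csf.check_session(session_token)
    if principal is None:
        return {"status": "fault", "reason": "invalid or expired session"}
    return {"status": "ok", "principal": principal, "data": DATA[api]}


class SecurityGatekeeper:
    # Intercepts every SOAP envelope (claim 22) before the access server sees it.
    def __init__(self, csf):
        self.csf = csf

    def intercept(self, envelope_xml):
        try:
            root = ET.fromstring(envelope_xml)
        except ET.ParseError:
            return {"status": "fault", "reason": "malformed envelope"}
        header, body = root.find("s:Header/sec:Security", NS), root.find("s:Body", NS)
        if header is None or body is None or len(body) != 1:
            return {"status": "fault", "reason": "missing security header or body"}
        sec = {local(c.tag): c.text or "" for c in header}
        api = local(body[0].tag)                  # the single Body child names the API
        auth = self.csf.authenticate(sec)
        if auth is None:
            return {"status": "fault", "reason": "authentication failed"}
        principal, roles = auth
        if not self.csf.authorize(roles, api):
            return {"status": "fault", "reason": f"{principal} not authorized for {api}"}
        return access_server(self.csf, api, self.csf.create_session(principal))


def soap_request(api, **security):
    # Constructed SOAP envelope carrying the security-related information.
    hdr = "".join(f"<sec:{k}>{escape(v)}</sec:{k}>" for k, v in security.items())
    return (f'<s:Envelope xmlns:s="{SOAP_NS}" xmlns:sec="{SEC_NS}" xmlns:a="{API_NS}">'
            f"<s:Header><sec:Security>{hdr}</sec:Security></s:Header>"
            f"<s:Body><a:{api}/></s:Body></s:Envelope>")


def build_system():
    # One enterprise with a local user and one partner-enterprise token (constructed).
    csf = CoreSecurityFramework({"enterpriseA": ("shared-secret-A", {"analyst"})})
    csf.add_user("alice", "correct horse", ["analyst"])
    return csf, SecurityGatekeeper(csf)
```

Calling build_system() and then gk.intercept(soap_request("getAccountBalance", user="alice", password="correct horse")) returns the data with a verified session; the same call for getAuditLog is refused by the policy store, a partner_token header stands in for the user ID and password, and an envelope with no security header or a bad password never reaches the access server.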
29. (Original) A method for a user within a second enterprise to gain access to data within a first
enterprise comprising:

the user logging in to a secure computing domain within the second enterprise;
the user requesting data from the first enterprise;
the second enterprise adding security information to the data request and sending the
data request and security information to the first enterprise;
the first enterprise sending the security information to the second enterprise;
a security gatekeeper within the second enterprise intercepting the security information;
the security gatekeeper sending the security information to a core security framework
within the second enterprise;
the second enterprise's core security framework approving or denying the user's access
to the requested data based on the security information;
upon approval, the second enterprise informing the first enterprise that the user is
allowed access to the requested data; and
the first enterprise sending the requested data to the user.

30. (Original) The method of claim 29 wherein the security information added to the data request
is the user ID and password used by the user to log in to the secure computing domain within
the second enterprise.

31. (Original) The method of claim 29 wherein the security information added to the data request
is a token agreed upon by the two enterprises to designate a legitimate data request from the
second enterprise to the first enterprise.

32. (Original) The method of claim 29 wherein data requests from the user and data returned to
the user are in a format compliant with SOAP.

33. (Original) The method of claim 29 wherein the core security framework is also used to control
access to URLs within the second enterprise.

34. (Original) The method of claim 29 wherein the data request comprises the selection of a
hyperlink on a secure web site within the second enterprise that links to a secure web site
hosted by the first enterprise.